I know a guy who does this. He pulls in about $50 a month with a site that basically runs itself. The only reason I don't do it is because the "ads" he ends up generating money off of are the kind that pay out when the visitor to his site installs a tool bar or some other nefarious thing. The only reason I wouldn't do that is that I don't think it's ethically correct to lure people into installing stuff they don't want on their computer. But I imagine that someone who's ambitious enough, and who sets up enough sites could generate quite a bit of money like this.

can we please stop relying on third parties for things *you* should be providing to your users.

Clearly it has benefits and disadvantages. One of the disadvantages is displayed in this story. I could name a decent amount of benefits though: 1) you don't have to register again and again every time you want to use some site. 2) you don't suffer from password fatigue. 3) you don't have to worry about no talent ass clowns storing your username and password in plaintext (although you do have to worry about facebook being no talent ass clowns about that). 4) if I just want to stand up a quick little site that is nothing more than CRUD associated to users then all that login stuff can be offloaded to facebook or whomever. 5) from a large corporation standpoint, you can now get additional social data about your users from the facebook api (I know, this isn't necessarily an advantage for the end user and is best viewed as double edged).

I think many people are in support of third party authentication semantics for non-critical sites.

Even though ultimately facebook is probably a bad choice for it, what else is so ubiquitous as to be a reasonable option that also doesn't suffer the same essential problems (certainly not a google account?)

Even though ultimately facebook is probably a bad choice for it, what else is so ubiquitous as to be a reasonable option that also doesn't suffer the same essential problems (certainly not a google account?)

OpenID. Sure, a provider having a similar error could stop users of that provider from logging on to your site, but it's not a single point of failure for the entire site, it's a single point of failure for the user and all the sites they use it to log into.

from a large corporation standpoint, you can now get additional social data about your users from the facebook api (I know, this isn't necessarily an advantage for the end user and is best viewed as double edged).

For an individual, there's only one edge: a sharp one. Who in their right mind would want every company/web site to know all of the intimate details of what they're doing on every other web site? Isn't it obvious to people that by signing in with a Facebook ID to web sites, that not only doe

If Facebook sold that information you'd have a point, but as it's not disclosed in any of their privacy literature that'd be a monstrous and legally actionable breach of their information protection obligations.

Facebook is an advertising company. Their product is highly granular, per-user demographics and profiles. That product is based on information gathered from tracking their users' posts, relationships, browsing history and basically any info they can get their hands on (raw materials). The product is then sold to their customers; anyone who does a targeted media buy on their site, as well as advertisers and marketing firms.

Without the raw materials, Facebook would not be a for-profit venture and their sto

Who in their right mind would want every company/web site to know all of the intimate details of what they're doing on every other web site?

Most people would not want that.
But most people don't care. First of all, most people don't even know, or consider, what is actually happening. Secondly, it is convenient for most people. And that's pretty much why it will continue.

The problem yesterday had nothing to do with sites offloading authentication to Facebook. It was simply sites that have a little Facebook ad--like "what's popular on Facebook." I experienced this yesterday, just looking for a store location--there was a Facebook ad on the page that instantly redirected to Facebook.

IMHO, OpenID is better. Whether google is trustworthy or not is a matter of opinion, and google can be just another OpenID provider. If we want a single provider, the world will never settle for a single trusted entity.

Kinda. The thing is that the reliable programmers who specialize in this kind of thing work for companies like Disqus, whose jobs revolve 100% around this. However, random PHB at ${dying newspaper} has never heard of Disqus, but has heard of Facebook, which similarly to the newspaper employs many programmers, few of whom consider it the primary job of their organization to help, and not f--- up, third party websites.

If Disqus (or Livewyre or whatever) ever made this kind of screw up, they'd seriously des

I've less quarrel with the concept of using a 3rd party to verify identity (that's what a driver's license does when we aren't on line) than with the notion of using the services of a "free" site that gets its revenue by tracking its users and selling that information to advertisers and the like. And do I want to stay logged in to something like Facebook when it is exposing my information (not all of which is bogus fiction) to anyone who has access to their API? And yes, Google is doing much of the same a

"... can we please stop relying on third parties for things *you* should be providing to your users."

Actually, this probably didn't come from anything that is "provided" to customers.

Typically, when you link your site to Facebook (especially if you're not careful), you include a piece of JavaScript that Facebook supplies. Essentially, it's user-tracking, which is NOT a service "provided" to site visitors, unless you happen to like that sort of thing.

Sadly, many websites actually pull this JavaScript in realtime from Facebook itself, rather than hard-coding the JavaScript into their page.

Oh, and if you hardcode them, how do you expect them to be able to do XHR requests to their servers, in violation of the same origin policy [wikipedia.org]? There's no point in serving JS if you prevent it from working.

"Oh, and if you hardcode them, how do you expect them to be able to do XHR requests to their servers, in violation of the same origin policy? There's no point in serving JS if you prevent it from working."

I've never used any that did that, and wouldn't use any that did that. That's a violation of MY policy.

If you let others insert scripts into your pages they can steal your visitors.

Maybe it'll make sites think about who they script src from.

One of the bad things I've noticed recently is that HSBC [hsbc.co.uk] is including objects from third party organisations in their ebanking login pages. I do wonder if any thought has gone into the security of such things, or if HSBC simply don't care (my experience of banks tells me that none of them have a single clue when it comes to internet security).

Which is why we should be asking for two-factor auth on every site, and using unique random passwords stored in a password vault for websites that need passwords. That way, if someone gets your password, it's a) useless without your phone b) useless for any other site. Unfortunately, it's extra hassle for developer and end user, so only a few people do it.

How is that possible? If I'm going to a site, I type in the URL into the address bar, or I click on a favorite, or click on a link returned by Google, or another search engine. The URL gets sent to a DNS server, which returns the IP address of the site, and then my browser starts making http requests directly from the site. Facebook is never involved. Unless Facebook has somehow poisoned the root DNS servers, I don't see how this is possible.

I suspect horrible article is the main culprit. At a guess I suspect this is nothing more than Facebook's authentication service failing.

Client is directed to Facebook for authentication, mechanism fails, Facebook tosses up error page. The implication that Facebook did anything wrong other than having buggy authentication is likely way off base.

Full disclosure, don't have a facebook page, never visited a facebook page, have zero interest in facebook.

The key is "client is directed to Facebook". Sites include 3rd party scripts all the time, blindly executing whatever gets sent back. If that includes a simple assignment to window.location, there's your redirect.

These sites are including javascript from facebook. Check your noscript/requestpolicy lists on those pages and you'll be surprised how many external sites those pages include javascript and images from. This was bound to happen (and worse things have probably happened in secret).

The Steam browser is a nice example of facebook javascript gone wrong. Every page with a "like" script on it redirects to some facebook address as soon as the page finishes loading. The end result is that you see what you wanted to see, but the URL bar is always some sort of lengthy facebook redirect because Steam is trying to load it somehow but fails and leaves you on the page you wanted to visit anyway.

In short, "Web bugs", short bits of code that are included inline from another provider. Basically these sites had on their front page a "get shit from facebook" or some such badge displayed, that badge is not created by the site owner but is sourced inline from facebook, now if the thing they pull from facebook is broken and facebook presents a redirect to your browser in place of the web bug (badge, whatever) then your browser dutifully redirects.

Worse than that. Many (most?) of them have you pull the foreign code from the foreign site directly. So even if they did audit it, the foreign site could change the code and their site would dutifully ask you to run it.
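The pattern several commenters describe (a page pulling script live from another origin and running whatever comes back) can be checked for from the site owner's side. The following is an added example, not part of the thread: a Node.js audit that lists third-party `<script src>` tags lacking a Subresource Integrity pin and shows that a pinned hash stops matching once the remote copy changes. The sample page, hostnames and script bodies are constructed.

```javascript
// Added example: audit <script src> tags for third-party origins without an SRI pin.
const { createHash } = require('node:crypto');

// Constructed sample page; hostnames are placeholders, not taken from the thread.
const SAMPLE_PAGE = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://widgets.social.example/sdk.js"></script>
<script src="https://cdn.example.net/lib.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script>var inline = 1;</script>
</head><body></body></html>`;

// Return one finding per script fetched from another origin:
// its resolved URL, its origin, and whether an integrity attribute pins it.
function auditScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi; // [^>] also spans line breaks inside a tag
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /(?:^|\s)src\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue; // inline script: nothing fetched from elsewhere
    const url = new URL(src[1], pageUrl); // resolves relative and //host/ forms
    if (url.origin === pageOrigin) continue; // first-party
    findings.push({
      url: url.href,
      origin: url.origin,
      pinned: /(?:^|\s)integrity\s*=\s*["'][^"']+["']/i.test(attrs),
    });
  }
  return findings;
}

// Third-party scripts the page will run with no check on their content.
function unpinnedThirdParty(html, pageUrl) {
  return auditScripts(html, pageUrl).filter((f) => !f.pinned).map((f) => f.url);
}

// Value for an integrity="" attribute, computed from a reviewed copy of the script.
function sriHash(scriptBody) {
  return 'sha384-' + createHash('sha384').update(scriptBody, 'utf8').digest('base64');
}

// True only while the served body is byte-identical to the reviewed copy.
function matchesPin(scriptBody, integrity) {
  return sriHash(scriptBody) === integrity;
}

// Constructed script bodies: the copy that was reviewed, and a later changed copy.
const REVIEWED_COPY = 'renderBadge(document.getElementById("badge"));\n';
const CHANGED_COPY = REVIEWED_COPY + 'window.location = "https://widgets.social.example/error";\n';

console.log('unpinned third-party scripts:',
  unpinnedThirdParty(SAMPLE_PAGE, 'https://shop.example/checkout'));
const pin = sriHash(REVIEWED_COPY);
console.log('reviewed copy matches pin:', matchesPin(REVIEWED_COPY, pin));
console.log('changed copy matches pin: ', matchesPin(CHANGED_COPY, pin));
```

A pin only suits a script that is static at its URL. A vendor SDK that is updated in place stops matching the pin, and the browser then refuses to load it rather than running the changed code.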

I successfully made it to Papa John's web site to order pizza last night. When I got to the last page of checkout, I immediately got redirected to Facebook.

Apparently they're including Facebook Javascript code on all their pages, and I happened to be in the middle of ordering a pizza when the bug hit.

Why Javascript is allowed to redirect a web site these days without user intervention is beyond me. Most Javascript methods that open windows or navigate you require being triggered by a click event or other

I think a lot of web apps would break if Javascript couldn't mess with the window location / back button / tab history, etc. Think of things like Gmail and Google Docs. Unlike pop-ups and so on, it does actually have a useful purpose.

This pretty much sums up the number one problem with tech culture in the valley. Companies are optimized to raise money, not make money. Facebook has had years to switch the focus already but still cannot seem to do it. If your typical tech startup had 20 billion in the bank, the founders would say "Look how this will affect our valuation! We'll be able to get to round 98 of seed funding!"

The third-party sites load a chunk of Facebook onto their site, so if you're logged into Facebook then you're logged into that chunk on the third-party site. The third-party site doesn't have your login or information - it's passed between you and the chunk of Facebook on that site. Or at least, that's how it's supposed to work.

It's not the 90's anymore... you can load a page that's connected to dozens of different services that are almost completely independent of each other and the page you're on.

It's not the 90's anymore... you can load a page that's connected to dozens of different services that are almost completely independent of each other and the page you're on.

Yes, but do we have to?
Most of those websites look crippled until the last of these dozen services finally loads 3 minutes later. Blockbuster.com used to hang (unresponsive) for about 30 seconds while the browser said "contacting adserve...fb.com".

Most of those websites look crippled until the last of these dozen services finally loads 3 minutes later.

I know, right? Browsing the web with NotScript (Chrome extension) is a real eye-opener. Some sites simply load as a blank white screen until you whitelist scripts to run! It's especially good when you first open a site, it has three sources for scripts, then when you enable one, suddenly 15 more appear in the list. It's great being able to disable most of the junk people toss on sites from the get-go, but sometimes it's irritating to have to dig through the long chain of scripts just to make a web site func

Recently we have seen very widespread "single point of failure" issues. Notably with Facebook and Apple who are both so pervasive in society. These firms are constantly doing major and complicated software updates and those updates are propagated either invisibly in the background or introduced through "voluntary" software updates where you don't get major new features unless you do the update and you have to simply live with whatever bugs or feature cripples come along with it.

I use Facebook, I admit it. However, I only use Facebook for Facebook. If I log in to another site, I don't use the "Connect with Facebook" option to log in. If the site only allows you to log in with Facebook, I leave. I've yet to find a mission critical site like banks, etc that use Facebook or another service. Therefore, I'm doing my part to save humanity from the single point of failure.

Unfortunately it sounds like this bug would have hit users such as yourself also. I think when leaving FB to visit another site it is best to log out.

Multi-instance/multi-profile browsers would also be something nice. Especially those that limit what they report about the machine they are on (less fingerprint via installed fonts/cookies/html5 dbs/flash objects/etc)

If you stay logged in to facebag they can still track you via the part of any webpage that loads a chunk of facebag inline. I load it in a separate browser and use ghostery on my main browser to block third party shenanigans.

The only one I can remember was when the server that responds to WISPr probes went down, rendering everyone's ipad unable to connect to a network...

Background: When an iOS device associates with a wifi network, it makes a web request to apple's server to see if it's behind a captive portal. It expects to get back "SUCCESS" (returned by Apple's server) or a captive portal login page (returned by the wifi hotspot). If it doesn't get "SUCCESS" it displays the captive portal page so the user can log in. Unfort

Windows does the same thing, but AFAIK the only thing that happens if it doesn't get the OK response is the user gets a little popup balloon from the system tray warning them an internet connection is not available.

I've come to the conclusion that social networking is screwed up because the people who use it most are the people who are least invested in reality.

Every time I try to use Facebook, I get driven away by the behavior of its users. Not the Instagram dinner plate updates, or the personal drama, because I've already filtered out those people.

It's the sensitivity. People take anything seriously. I posted an article showing that divorce really screws up kids. I got back a half-dozen replies, all from people who'd had divorces, defending their own decisions. When I said that it wasn't personal, they said they still felt attacked.

There were other instances of similar behavior too. People hover around Facebook, looking for some reason to cause a scene. Why was this, I wondered.

It seems to me that if you have found something worth doing in life, you're mostly doing it. That doesn't mean your job. If your job sucks, you've probably got a project on the side. You're not going to devote your time to screwing around, which is what most people on Facebook do.

This means that social networking including Facebook selects out the people who have any direction in life, and leaves the resentful, bored, unemployed, disabled, upset, insane, teenage, etc. and concentrates them in large numbers. This is why so much of the response is crazy.

I should amend the post title. I used to keep trying to use Facebook (and MySpace, Digg, Reddit, Friendster, Pinterest, etc.). But now, I don't. These aren't places where healthy people hang out.

Facebook free for three months now. I just came to the realization that I was not interacting with all the people I care about in my life on Facebook. I was interacting with them in real life. The only interaction was with "fringe" friends or people you felt obligated to friend because they are "friends of friends" you met somewhere. "Hey great, Joe's wife took a picture of her Big Mac and fries and is enjoying a delicious shake." Ya, I'm outta here.

Slashdot, because of the good moderation system and good supply of topics that I want to see other people's comments about as much as the topic itself

and 4chan (yes, seriously) because it's sort of a zero-point energy of random discussion with its default anonymity and constantly expiring threads (it's too much hardcore internet trolling and memes for the average person though). But stay away from /b/, nothing interesting happens there anymore.

Well done. I would add unhappy to your list of qualities that make up the bulk of social site users. Many of the people I know who are regular users remain in contact with old flames even though they are now like Al Bundy. Here's to hoping these extra opportunities to procreate don't result in the psychologically healthy being out-bred by this genotypical subset. Oh wait...

I would add unhappy to your list of qualities that make up the bulk of social site users. Many of the people I know who are regular users remain in contact with old flames even though they are now like Al Bundy. Here's to hoping these extra opportunities to procreate don't result in the psychologically healthy being out-bred by this genotypical subset.

I've noticed this as well. People tend to try to "justify" their lives using lifestyle and/or perceived success. For example, a recent survey of Facebook fri

Every time I try to use Facebook, I get driven away by the behavior of its users. Not the Instagram dinner plate updates, or the personal drama, because I've already filtered out those people.

It's the sensitivity. People take anything seriously. I posted an article showing that divorce really screws up kids. I got back a half-dozen replies, all from people who'd had divorces, defending their own decisions. When I said that it wasn't personal, they said they still felt attacked.

You realize that the people "on Facebook" in this regard are your friends? You post an article, it's your friends who comment on it. What you're complaining about isn't Facebook's userbase in general, but that subset of it that you consider your friends. For what it's worth, I've had extended political and religious (basically the two most flamebait-y topics possible) discussions on Facebook where most people remained civil and presented reasoned arguments (and the few who didn't were just ignored). That's

Facebook did not "Break major websites". Instead Facebook users who were logged in to Facebook (and hence working under the auspices of Facebook) were screwed over when they went to third party sites. Sheesh.. even TFS explains that.

It broke the expected functionality of third-party websites. But I agree that Internet is not Facebook. At most, you might be able to claim Facebook broke a chunk of the WWW, but certainly not the Internet as only websites were affected. It's like saying a minor design flaw in a part used by many different car manufacturers completely disrupted our entire transportation infrastructure.

Instead Facebook users who were logged in to Facebook (and hence working under the auspices of Facebook)

I think you've misunderstood. By "logged into Facebook", they don't mean they were actually looking at Facebook at the time. It means they had previously logged into Facebook at some point and their browser has a cookie saved which authenticates them to Facebook.

These people were surfing the web normally. They weren't on Facebook. They got to a site that used Facebook for authentication, and th

I'd be of the mind that it wasn't a bug, but intentional. But FB? They don't really need the page views....do they? Stock has taken a bit of a dip again since the graph thing came to light...though still high enough that I'm sitting pretty (bought when it was around 19.50 or so).

At first I thought I somehow angered facebook and caused my session to get corrupted! Each time I visited a few different news sites, after a few seconds it would be redirected to the error page. I ended up having to clear my cache to prevent the annoying redirect. I find facebook is good as a time waster but I find it scary how many sites have access to my logins and can track and control content.

I participate in comment discussion on the Gawker blogs - Lifehacker, particularly. They took away their own login system after they screwed it up so badly they gave away everyone's password. The community there is nice, but the site owners are stupid. I say, please let them use Facebook. When Facebook stops? They'll give me a way to transition to whatever they choose next.

I was getting this yesterday when reading an article on Mashable. I noticed that it stopped doing it by logging out of Facebook. Probably something I should be doing anyway to prevent them from tracking me all over the place.

Protecting yourself against weird things Facebook does is actually fairly simple. I sandbox FB in its own browser. It's all I use Firefox for, that and the occasional browser compatibility test, but I reset cookies/cache/etc before and after. Combine that with a fake name and you're largely safe to post whatever you want. Won't fool, like, law enforcement or whatever if they look specifically at you, but it will confuse whatever automated ad/cross site dossier these companies are compiling on you. I tie it